This report analyzes privacy issues surrounding the NSA, how they appear
similar to those found in other sectors, and how lessons learned in one
area may potentially benefit, or at least inform, other areas in pursuit
of an equitable balance between the need to know and the right to
privacy.

The National Security Agency (News - Alert)/Central Security Service of the United
States, or NSA/CSS, has inserted itself into the realm of Big Data. The
intent of this report is to discuss how it has done so, and to analyze
the issues and impacts resulting from its actions, both on the populace
at large and specifically on Big Data.

The report's main conclusions and takeaways are as follows:

1. The NSA/CSS (News - Alert) (referred to hereafter in this report simply as the NSA)
now has access to detailed information about much of the electronic
communication in the U.S. This includes virtually all mobile
communications, virtually all online communications, whether mobile or
computer-based, and some landline business communications. It includes
phone and data traffic originating inside the U.S. and terminating
either inside or outside the U.S. The NSA also has access to most of the
credit card transactions occurring in the U.S.; and, as an addon to its
24/7 surveillance of U.S.-based mobile communications, the NSA is also
tapping into the most popular mobile phone applications, including Angry
Birds.

2. The NSA is collectng data from these sources as a result of
agreements it has specifically imposed on mobile operators and Internet
infrastructure providersthrough electronic back doors it has persuaded
providers to insert in their software and systems, and through its own
ability to troll communications highways and collect data at will.
Providers such as Google (News - Alert) have angrily denounced the NSA's actions, and
claim to have agreed to no such thing; but whatever the case, the end
result is the same.

3. The NSA claims to simply be interested in, and collecting, metadata,
a term that is roughly equivalent to data about the data. In the case of
what the NSA is claiming, this means information such as call
origination and destination points, call duration, where someone
accessed the Web and how much time they spent online; not the content of
calls or emails. Yet, the NSA is hard at work cracking the code, so to
speak, of Secure Sockets Layer (SSL), the protocol that, until now, has
kept the content of online communications and transactions hidden from
prying eyes. The NSA has also now set its sights on the Advanced
Encryption Standard (AES), which is an encryption algorithm for securing
sensitive but unclassified material by U.S. government agencies, and is
being used more and more for commercial transactions. The NSA's actions
with regard to SSL and AES have content inspection written all over them.

4. The NSA is far from the only entity that appears to be trampling on
the notion of personal privacy in pursuit of information it believes it
needs to achieve its ends. The private sector, too, is teeming with
examples of companies obtaining personal user data through questionable
means, and deploying it in even more questionable ways.

5. Concepts and technologies currently in use or development, such as
Harvard University's extensive work on Differential Privacy, are
predicated on the point raised in the previous bullet: threats to
privacy occur in the private sector and academia as well. Differential
Privacy leverages the commonalities across sectors to point the way to
solutions. However, implementing helpful technologies is one thing;
getting industries and governments to overcome their desire for
information control, and actually implement solutions is another. BDA
2-05, April 2014

6. The upshot of all of this is that, while privacy is already
threatened or extinct in a growing number of places, the NSA's actions
are accelerating and expanding this phenomenon. That is already
sufficiently concerning in terms of quality of life; but further, since
electronic communications are the lifeblood of a great deal of
commercial activity, the NSA may also begin to have a chilling effect on
the U.S. economy.

Key Topics Covered:

1. Executive Summary

2. Introduction

3. When You Communicate Electronically in the U.S., Are You Handing Your
Data Over to the NSA? Quite Possibly: Yes